As part of the Network Services room in TryHackMe, one of the areas covered is NFS. I will cover the technology in more detail at a later point but this article is dedicated towards a practice senario concerning how an unsecured NFS share can be exploited. To start with as always, we need to find…
THM – Exploiting FTP
As part of learning about Telnet in TryHackMe we practiced some methods in which FTP can be exploited. I have detailed one of the methods taken to do so here and how it was done. Scanning Phase To start with we ran a Nmap scan to see what open ports we had. –min-rate is used…
The uses and weaknesses of FTP
File Transfer Protocol, also known as FTP is a protocol primarily used to facilitate the transfer of files over a network. There are a large number of applications which utilise FTP (my favourite being Filezilla) the protocol is now vulnerable and has been for a long time. What’s the issues with FTP? FTP is one…
May 2023 – CYSA+ and Firewall installations
Hi all, a quick update as I know I haven’t posted in a little while. Currently revising for my CYSA+, unfortunately life has gotten in the way and haven’t been able to do as much as I would like but I’m making steady progress on this one. One particular topic I have been finding interesting…
Practical Experience for progression
11 April 2023 Moving briskly on from my pass yesterday I’ve purchased some content material for the CYSA+ exam, purchased two Rasberry PI zero w machines. Looking up the CYSA+ exam it recommends 4 years of experience and it seems some practical experience would be very handy to cement my learning. Therefore I’ve revisited and…
Security+ Passed and what comes next
So it’s been a couple of months since I’ve last posted. I promise I haven’t given in but as my previous posts may have indicated I’ve been taking my Comptia Security+ course. Well today I took that exam and passed with flying colours with a score of 819/900. This officially makes me Sec+ qualified. Expect…
1.4 Given a Scenario Analyse potential indicators associated with network attacks
Definitions Evil Twin Access point which looks like a legitimate access point but is actually maliciousOften copies SSID Rogue Access Point Unauthorized access point on a network Bluesnarfing Unauthorized access to data on a device via bluetooth Bluejacking Sending unsolicited messages to another device via Bluetooth Disassociation Attacks Denial of service attack which prevents WAP…
Module 1.2 – Given a scenario, analyse potential indicators to determine the type of attack.
Malware A blanker term for software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Virus Software that can reproduce itself Programme Virus Virus which is bundled with an application Boot Sector Virus Virus that installs in the boot sector so it executes with the OS Script Virus Script based…
Module 1.1 – Compare and contrast different types of social engineering techniques.
Social Engineering Techniques Phishing Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. Typo-Squatting Using domains with very similar names as legitimate ones to capitalise on spelling mistakes Pretexting A phishing attempt with a fabricated ‘pretext’ for why you should do what they say(e.g. we’re calling from Visa,…
Security+ SYO-601 Content
Hi all, this is a dictionary page! SYO-601 covers a lot of content in a fairly shallow manner. Rather than spam the site I’m putting a page here with a number of private root posts covering each section.